package com.vogue.meeting.common.security.config;

import com.vogue.meeting.common.security.exception.CustomAccessDeniedHandler;
import com.vogue.meeting.common.security.exception.CustomAuthenticationEntryPoint;
import com.vogue.meeting.common.security.exception.CustomExtendOAuth2ResponseExceptionTranslator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;

/**
 * 资源服务配置
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
    @Autowired
    private CustomAccessDeniedHandler customAccessDeniedHandler;
    @Autowired
    private CustomExtendOAuth2ResponseExceptionTranslator customExtendOAuth2ResponseExceptionTranslator;
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        ((OAuth2AuthenticationEntryPoint) authenticationEntryPoint).setExceptionTranslator(customExtendOAuth2ResponseExceptionTranslator);
        resources.authenticationEntryPoint(authenticationEntryPoint).authenticationEntryPoint(customAuthenticationEntryPoint);
    }

    /**
     * 不需要认证的接口资源
     */
    public static final String HTTP_ACT_MATCHERS=
            // swagger 不要认证
            "/swagger-resources," +
            "/swagger-resources/configuration/**," +
            "/swagger-ui/**," +
            "/webjars/springfox-swagger-ui/**," +
            "/webjars/springfox-swagger-ui/fonts/**," +
            "/v2/api-docs," +
            // 其他 不要认证
            "/captcha/create," +
            "/oauth/token," +
            "/user/signUp";
    @Override
    public void configure(HttpSecurity http) throws Exception {

        //不需要登录授权的的资源
        http
            .authorizeRequests()
            .antMatchers(HTTP_ACT_MATCHERS.split(",")).permitAll();
        // 设置没有权限的自定义异常信息和设置不存在access_token时候的异常信息
        http
            .exceptionHandling()
            .accessDeniedHandler(customAccessDeniedHandler)
            .authenticationEntryPoint(customAuthenticationEntryPoint);
        //需要登录授权才能访问的资源
        http
            .authorizeRequests()
            .mvcMatchers("/user/**").hasRole("API")
            .mvcMatchers("/meeting/**").hasRole("API")
            .anyRequest()
            .authenticated();
        //启用httpBasic基本认证  header要添加client_id和client_secret
        //http.httpBasic();
        //跨站点请求伪造
        http.csrf().disable();
        // 处理 Iframe 响应
        http.headers().frameOptions().disable();
        // 基于 Token 不需要 session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // 禁用缓存
        http.headers().cacheControl();

    }
}

